7.2

CVE-2006-4447

EPSS 0.18%
Published 30.08.2006 01:04:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.

Affected products Warnungen 0 Metrics 2 CWE 0 References 20

Data is provided by the National Vulnerability Database (NVD)

X.Org ≫ Emu-linux-x87-xlibs Version7.0_r1

X.Org ≫ X11r6 Version6.7.0

X.Org ≫ X11r6 Version6.8

X.Org ≫ X11r6 Version6.8.1

X.Org ≫ X11r6 Version6.8.2

X.Org ≫ X11r7 Version1.0

X.Org ≫ X11r7 Version1.0.1

X.Org ≫ X11r7 Version1.0.2

X.Org ≫ Xdm Version1.0.3

X.Org ≫ Xf86dga Version1.0.0

X.Org ≫ Xinit Version1.0.2_r5

X.Org ≫ Xload Version1.0.0

X.Org ≫ Xorg-server Version1.02_r5

X.Org ≫ Xterm Version214

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.394

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://mail.gnome.org/archives/beast/2006-December/msg00025.html

http://secunia.com/advisories/25032

http://secunia.com/advisories/25059

http://security.gentoo.org/glsa/glsa-200704-22.xml

http://www.securityfocus.com/bid/23697

http://www.vupen.com/english/advisories/2007/0409

http://secunia.com/advisories/22332

http://www.debian.org/security/2006/dsa-1193

http://lists.freedesktop.org/archives/xorg/2006-June/016146.html

Patch

http://secunia.com/advisories/21650

Patch

Vendor Advisory

http://secunia.com/advisories/21660

http://secunia.com/advisories/21693

http://security.gentoo.org/glsa/glsa-200608-25.xml

Patch

Vendor Advisory

http://www.kb.cert.org/vuls/id/300368

US Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2006:160

http://www.securityfocus.com/bid/19742

http://www.vupen.com/english/advisories/2006/3409

https://nvd.nist.gov/vuln/detail/CVE-2006-4447

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-4447

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-4447

EUVD